hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
45,584 Commits 1,672 Branches 157 Tags
530b29ccdfb42bcb8173f270e2f89d76bc20c2bc
Commit Graph

3976 Commits

Author SHA1 Message Date
mc
3520fed752 Update SpelInjection.qhelp 2021-09-27 11:40:51 +02:00
Tony Torralba
d10dbbdd9d Apply suggestions from code review 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-09-27 11:40:51 +02:00
Tony Torralba
6bf1e87bbe Remove CSV sinks; make imports private 2021-09-27 11:40:47 +02:00
Tony Torralba
91f46624b6 Refactor SpelInjection.qll 2021-09-27 11:40:26 +02:00
Tony Torralba
94f32d2985 Decouple SpelInjection.qll to reuse the taint tracking configuration 2021-09-27 11:39:30 +02:00
Tony Torralba
569426b04e Consider subtypes of Expression and ExpressionParser 
Add parseRaw as additional taint step
 2021-09-27 11:38:12 +02:00
Tony Torralba
b985ddb868 Use InlineExpectationsTest 2021-09-27 11:37:41 +02:00
Tony Torralba
079769ed2e Refactored SpelInjection.qll to use CSV sink models 2021-09-27 11:36:56 +02:00
Tony Torralba
fc6af0476f Moved from experimental 2021-09-27 11:36:48 +02:00
luchua-bc
5264936fc3 Correct the run method and add Math.min check 2021-09-24 21:00:53 +00:00
Benjamin Muskalla
70e1724463 Exclude methods with non-public parameter types 2021-09-24 12:41:12 +02:00
Benjamin Muskalla
38ca5aba98 Move test generator into subdirectory 2021-09-24 11:13:04 +02:00
Benjamin Muskalla
4e6a8d991e Move stub generator into subdirectory 2021-09-24 11:12:41 +02:00
luchua-bc
272e4f6cf9 Update the query 2021-09-24 01:48:11 +00:00
luchua-bc
2dc38aee54 Update qldoc 2021-09-23 20:31:24 +00:00
Anders Schack-Mulligen
a031b2a090 Merge pull request #6493 from atorralba/atorralba/cleartext-storage-query-refactor 
Java: Refactor Cleartext Storage queries
 2021-09-23 16:31:17 +02:00
Anders Schack-Mulligen
6be4b3bac6 Merge pull request #6725 from emilejq/date-format 
Java: Remove requirements for final and access mods from DateFormatThreadUnsafe
 2021-09-23 15:02:17 +02:00
Emile El-Qawas
83fb41e414 Add visibility constraints; Fix non-compliant code 2021-09-23 09:55:49 +01:00
Tony Torralba
51d2b5225e Remove cached property from SensitiveSource::flowsTo 2021-09-23 10:42:30 +02:00
Tony Torralba
563e8a2bd6 Remove unused library 2021-09-23 10:42:30 +02:00
Tony Torralba
a30554e97c Refactored cleartext storage libraries 2021-09-23 10:42:30 +02:00
Chris Smowton
93daaf5b5b Merge pull request #6174 from joefarebrother/guava-collections 
Java: Model Guava collections package
 2021-09-23 09:13:24 +01:00
Chris Smowton
3123abfac3 Merge pull request #6711 from bananabr/AndroidLoggingFix 
Fix Android logging signature
 2021-09-22 17:23:04 +01:00
Chris Smowton
24e3ad4e18 Remove unnecessary type constraint 2021-09-22 10:54:24 +01:00
Emile El-Qawas
dcae1c5c04 DateFormatThreadUnsafe - Remove requirements for final and access modifiers 2021-09-21 16:50:48 +01:00
luchua-bc
8170f01b66 Query to detect uncontrolled thread resource consumption 2021-09-20 02:12:47 +00:00
Daniel Santos
9e41f43ee2 Fix: android.util.Log is final. No inheritance handling is needed. 2021-09-17 10:15:48 -05:00
Anders Schack-Mulligen
2cbad4aed6 Merge pull request #6600 from atorralba/atorralba/fix-conditionalbypass 
Java: Fix performance of the query User-controlled bypass of sensitive method
 2021-09-17 16:07:39 +02:00
Joe Farebrother
e946f49b64 [Test gen] Gen methods for Set and Iterator 2021-09-17 11:22:50 +01:00
Daniel Santos
032a7e71fe Update Logging.qll 
Simplified using a set-literal as suggested by @intrigus-lgtm
 2021-09-16 13:03:26 -05:00
Daniel Santos
af8b2b6d9c Fix Android logging signature in java/ql/src/experimental/semmle/code/java/Logging.qll 2021-09-16 11:24:06 -05:00
Joe Farebrother
54dbd7c0bd [Test gen] Add more support method implementations 2021-09-16 15:23:03 +01:00
Joe Farebrother
ef5bf87672 [Test gen] Distinguish default support methods 2021-09-16 15:23:03 +01:00
Marcono1234
020aa4d94c Java: Address feedback and fix test failures 2021-09-16 14:10:48 +01:00
Marcono1234
58d2d5d14e Java: Replace incorrect usage of Literal.getLiteral() 2021-09-16 14:10:48 +01:00
Tony Torralba
5ed9949498 Adapt InsecureBasicAuth to the previous commit 2021-09-15 17:20:28 +02:00
Tony Torralba
2e08c5dd2b Refactored HttpsUrls.ql 2021-09-15 17:20:28 +02:00
Tony Torralba
c3c73377b8 Fix scope issues in the Java example 2021-09-15 17:20:28 +02:00
Tony Torralba
023264660b Suggestions from code review 2021-09-15 17:20:28 +02:00
mc
0e7cbbfeb8 Update InsecureBasicAuth.qhelp 2021-09-15 17:20:28 +02:00
mc
e58b90ef1c Added full stops 2021-09-15 17:20:28 +02:00
Tony Torralba
30178d4f23 Decouple InsecureBasicAuth.qll to reuse the taint tracking configuration 2021-09-15 17:20:27 +02:00
Tony Torralba
90df3fa94c Remove CWE reference from qlhelp since it's obtained from metadata 2021-09-15 17:20:27 +02:00
Tony Torralba
2cada386b4 Refactored into InsecureBasicAuth.qll 2021-09-15 17:20:27 +02:00
Tony Torralba
905be67aae Moved from experimental 2021-09-15 17:20:27 +02:00
Erik Krogh Kristensen
3f736d3eb8 Merge pull request #6694 from erik-krogh/owasp-fixes 
JS/Java: use the correct cwe tags
 2021-09-15 13:46:35 +02:00
Chris Smowton
ca87768a93 Merge pull request #6692 from bmuskalla/testGeneratorFlowTest 
Java: Test generator uses `InlineFlowTest`
 2021-09-14 15:44:24 +01:00
Chris Smowton
6cff0d0376 Merge pull request #6393 from luchua-bc/java/xss-jsf 
Java: CWE-079 Query to detect XSS with JavaServer Faces (JSF)
 2021-09-14 15:15:56 +01:00
Benjamin Muskalla
abd770a027 Avoid empty template in test generator 2021-09-14 15:32:12 +02:00
Chris Smowton
a1ad1ddc10 Deprecated and replace uses of old name ServletWriterSource 2021-09-14 14:21:29 +01:00